
Summary:

As the recent NSA scandal has shown, the security of the cloud is not a given. As with real estate, location is critical — and where your data is hosted can determine how safe it is.

photo: phloxii/Shutterstock

For the early history of computing, data tended to be kept locked down within isolated, local systems for security reasons. With the advent of the cloud, however, the idea of accessing data from anywhere using cost-effective on-demand services is now thoroughly mainstream. Indeed, the future of IT is the cloud.

As cloud computing continues its triumphant spread, one issue that has continued to get undeservedly little attention, though, is the geographical location of data. The ongoing NSA scandal is finally bringing to light just one aspect of how critically important the physical location of digital data has become.

Distance can increase risk

On the most basic level, choosing a cloud provider whose data centers are located on a distant continent will obviously increase latency and so adversely affect performance. For businesses where performance and speed are relevant that’s a major concern. But it’s also worth considering that submarine communication cables, despite all their protective layers, are regularly broken by fishing trawlers, anchors and natural events such as earthquakes and turbidity currents – more than 50 cable breakdowns a year are repaired in the Atlantic alone. So relying on distant cloud providers can add a layer of risk of service dropouts that isn’t tenable for many businesses.

Local business culture matters

Every country has its own traditions and business culture, which can be difficult to grasp from abroad. For instance, mutual misunderstanding between American companies and Japanese customers is not a rare thing. So it’s logical that cloud users from around the world prefer working with providers who speak the same language, work in the same time zone and understand their local customs. Dealing with far-flung customer service reps simply can’t compete with more local ones.

And, perhaps most importantly, the location of your data centers has legal implications. If your cloud provider stores your data on servers in another country, then the laws of that country will most probably govern your data as well. National privacy laws vary widely from country to country.

For example, German developers prefer local hosting providers to American ones largely because U.S. law allows intelligence agencies access to foreign customers’ private information. (European data protection laws prohibit export of certain data abroad.) If your data is stored somewhere in India, meanwhile, you can never be sure whether it is secure or not, as there is no legal framework for cloud computing there yet – and no data protection laws either.

Some of the world’s largest cloud providers, such as OpenShift and Heroku, for instance, still have their data centers in the U.S. (Heroku did open a European region this year that runs through Amazon’s Irish data center, but some personal data could still be routed through the U.S.). But currently neither of those companies is part of the Safe Harbor Program for American companies whose services manage EU citizens’ personal data according to EU standards, and we’ll have to see how the fallout from PRISM could affect their business. The fact is that most advanced cloud providers are already opening new data centers outside the U.S., and for good reason.

Specifically, Amazon has several data centers in North America, one in South America, nine in Asia Pacific and twelve spread across Europe, the Middle East and Africa. And Windows Azure has four data centers in the U.S., one in East Asia, one in South East Asia and two in Europe. (Jelastic’s cloud platform operates from one data center in the U.S., one in South America, one in East Asia and another seven in various European countries.)

PRISM may alter cloudscape

One day unified international standards will be adopted, and working in the cloud will become much simpler. For now, the situation with national statutory requirements is unclear. Just this week the Australian government announced that it will assess the impact that the PRISM program has had on Australians’ private data held by the various U.S. tech giants. Presumably other countries will follow suit soon.

Amy Armitage is director of strategic partner development at Jelastic, Inc., a cloud provider.


  1. People need to understand that the NSA does not always do their own dirty work. In many, many places they contract out with private security firms, and/or turn over tasks to the FBI. My family was harassed by the NSA. This was divulged by the US Attorney’s Office in Minneapolis – when they turned their backs and walked away to what would be defined as “terrorist” activity. That big blue line protecting dirty cops got a lot bigger. I’d like to see Edward Snowden release data from an illegal operation conducted against an ordinary citizen. Let’s see that after listening to Mr. Mueller, General Alexander, General Hayden and umpteen US Senators reassure us that they are not operating illegally.

  2. The author fails to see that PRISM has nothing to do with cloud security:

    PRISM targeted the APPLICATION providers and their DATA and NOT the infrastructure providers that HOST these applications and data. PRISM is also border-less and doesn’t really care where the data is stored.

    When they get the APP vendors to cooperate, it doesn’t matter if the data sits on the moon, a Swiss bank, or AWS…

    Zohar

  3. Hello,

    If you want to find a place worse than the United States of America to keep your data safe, I advise you to consider Italy. In fact, thanks to Professor Monti, who issued a simple administrative decree (which does not need to pass in parliament), in Italy all providers must deliver any database or data to the police or security services, even without the approval of a judge. At least in the U.S. it takes the formal approval of a judge.

  4. I agree with Zohar: what does PRISM have to do with this?

  5. Concerns over security and privacy of data on the cloud have been the biggest roadblocks to mass adoption of cloud-based storage and hosting. Now PRISM has confirmed those fears. Came across this http://bit.ly/ZFPu1l, a very interesting piece on cloud computing that might interest some readers.
